Add file manager and tool tester UI to mcpproxy frontend#24
Merged
Conversation
File manager (navbar → 📁 Files): browse the volume-mounted roots
(tools, files, repos), create subdirectories (e.g. tools/secrets),
upload files like client_secret.json, download, and delete — backed by
new /api/files endpoints with root whitelisting, resolve()+relative_to
path-traversal/symlink protection, basename-sanitized upload filenames,
and a streamed size cap (MCPPROXY_MAX_UPLOAD_BYTES, default 50 MB).
Tool tester (navbar → 🧪 Test Tools): lists every registered tool
grouped by provider, generates an argument form from each tool's JSON
input schema (enum/boolean/number/string fields with a raw-JSON
fallback for objects/arrays), invokes via the existing
/v1/tools/{name}/invoke endpoint, and renders the result with error
styling. Shows a restart hint when the registry is empty.
Adds python-multipart (required for FastAPI multipart uploads) and
tests covering the file API round-trip, traversal/symlink rejection,
filename sanitization, and the upload size limit.
https://claude.ai/code/session_01WnK1rtXGHDCNpsycAvxFqC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds two new interactive features to the mcpproxy UI: a file manager for browsing/uploading files to volume-mounted directories, and a tool tester for invoking registered MCP tools with custom arguments.
Key Changes
File Manager (
/api/filesendpoints)New REST API endpoints for file operations:
GET /api/files— list directory contents with metadata (type, size, mtime)POST /api/files/mkdir— create nested directoriesPOST /api/files/upload— multipart file upload with size limitsGET /api/files/download— download filesDELETE /api/files— delete files/directories with optional recursive flagSecurity: Implemented
_resolve_in_root()helper that validates all paths usingPath.resolve()andrelative_to()to prevent directory traversal attacks and symlink escapes. Symlinks are detected and listed but cannot be followed for reads.Configuration: Added
file_rootsparameter tocreate_app()to define whitelisted root directories (tools, files, repos). Defaults toCONFIG_DIR,FILES_DIR, andREPOS_DIR.Upload limits: Configurable via
MCPPROXY_MAX_UPLOAD_BYTESenvironment variable (default 50 MB). Partial uploads are cleaned up on failure.Tool Tester UI
provider__tool)Frontend UI Updates
Dependencies
python-multipartfor FastAPI multipart form handlingImplementation Details
https://claude.ai/code/session_01WnK1rtXGHDCNpsycAvxFqC